Yesterday I got to Hannover, Germany. I’m here on the way to Berlin, visiting a more realistic, non-capital-city and yet thoroughly pleasant city. Last night I wandered through much of the Old Town and down to the large Maschsee lake. Today I’m visiting The Royal Gardens of Herrenhausen and hopping back on a Deutsche Bahn ICE train to Berlin.

Previous days have been written in retrospective, as there’s been much to do and by some bizarre bad luck I managed to go away without a pen! Today however I’m able to write from trains, and between yesterday evening and today I’ve caught right up!

On Day 5 I saw the Tulip Museum and Body Worlds, had pancakes, rode the tram and wandered a bit. For a few hours I’d considered staying an extra day in Amsterdam, spending most of it sunbathing in Vondelpark, and skipping Hannover. But then the 30°C weather broke and that option became relatively less appealing. Thus today is my last day here, and I wanted to round it out by learning a bit more about Amsterdam itself.

Amsterdam really is full of bicycles. It’s remarkably prevalent and cyclists are remarkably confident in their right-of-way. As a cyclist myself it’s really quite stunning to watch. Sadly only watch: I tripped and grazed my hands exactly where you hold handlebars. The segregated red bicycle lanes are sometimes very clear as a pedestrian - and sometimes not.

The first city in my big rail trip has been Paris. I’ve been here before with family, but my memories were limited to a hawker at the Eiffel Tower and getting my shoelace stuck in an escalator at the Disneyland Paris train station.

In New Horizons last month I talked about submitting my dissertation and planning what came next. I’m excited and a little nervous to have settled my next steps (see upcoming posts), and I’m starting with two weeks travelling Europe by train.

I handed in my dissertation two weeks ago. There’s a few things to finish up but the major things I’ve wanted to deliver this year - a cryptanalysis report, an evolutionary computing experiment, my video processing dissertation - are all done. So from my perspective I’m pretty much done and awaiting Graduation come July!

The Masters year was exhausting and I’m a little burned out, so I’m hoping not to rush into anything. I’ve wanted to go travelling in Europe for a few years now but kept finding interesting internships instead. Now between University and what-comes-after I have a natural gap.

WannaCrypt is the malware whose remarkable spread from mass emails to leaping across vulnerable SMB servers has led to major problems for many organisations in the last few days - in particular the NHS. Much has been written about its spread and MalwareTech’s heroic but accidental halting of its spread.

The British prime minister, Theresa May, and NHS Digital said they were not aware of any evidence that patient records had been compromised in the attack. May said: “This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.”

This would seem to be true. WannaCrypt did not exfiltrate data from SMB shares, merely encrypting it. But this is only true because its motivation was extorting BitCoins. A more strategic attacker could have infiltrated at least as deeply, accessing systems that deal with highly-confidential patient data. This could be used for information, influence, or as a weapon.

I’ve been to a lot of hackdays—between 16 and 20 I won prizes in at least six of them. I picked up a minimal-product/prototyping mindset, but it was hard to keep going afterwards. Over time my enthusiasm waned. The time limits, intensity and limited feedback hindered stretching my boundaries.

This competition seemed quite interesting because writing Cryptography-related software is hard. It’s hard to start off in the right direction, and easy to screw up later on. As such having professional feedback on an interesting day of work sounded great.

So, our task was to build encrypted local partitions. We had to build a system which stored encrypted keys on USB keys. Inserting such a USB key automatically prompted users to authenticate for a particular key. The encrypted volume was then to be used as a virtual drive.

This blog experienced a lull from 2014-07-07 to 2017-02-27, some 966 days. A lot happened in that timespan - I went through a long period of therapy, spent awhile reverse-engineering Dig data from dead ESRI databases in an Archaeology department, and got into everything from Swing Dancing to Python.

What didn’t change was that the old design, well, sucked. I don’t mean that it was the worst thing ever, but it was underwhelming as a place to write. So I’m going to talk through the redesign process.

In the last month I’ve had two articles printed in the student newspaper, Nouse. Over the last year I've been collecting data on student union election candidates, and it was fantastic to pull the findings together.

Battle of the colleges: who’s got the BNOCs
I had about 48 hours to do preliminary analysis with a second year of data. Given those constraints and having not done this before, I'm pretty happy with the printed results.

I’m in my 4th year at York, the Masters year of my MEng Computer Science degree. This term I’ve taken the Topics in Privacy and Security (PSEC) module, which takes a wide technical swath through privacy and security issues. But the assessment is mostly focused on password cracking and doing a security risk assessment for automated road convoys.

We’re assessing how to bring an EU-funded project, SARTRE, to market. The concept, “Safe Road Trains for the Environment,” allows an equipped car to automatically follow ~6m behind a Lead Vehicle. You could sit back and watch a movie—er, do productive work.

One of my favourite things about York is how bicyclable it is. I grew up in the countryside but somewhere decidedly not safe to cycle from, so it’s a very welcome change. Aside from a couple of minor things it’s worked fine for the last 5 years. On Friday (2017-03-10) I had a bit of an accident.

I mused about an implementation of expression trees in Rust two days ago. This is to build a Genetic Programming library in Rust - an biologically-inspired approach to finding robust solutions to difficult problems.

As discussed elsewhere I’ve become a keen fan of Rust. This language’s limited generics pose interesting problems for expressing and generating equations as described above.

I took an Evolutionary Computation course last semester, EVCO. This is a family of techniques where you simulate evolution to find good solutions to problems. Let’s watch an evolutionary process evolve vehicles that can get through a course:

I’d like to thank Dr Daniel Franks for a great course, enthusiastic teaching and many of the examples here.

Let’s say you want to learn an equation that approximates a function. This is a simple example - one of my evco examples evolves Snake players. We’ll use an evolutionary approach called Genetic Programming, which evolves trees representing expressions.

I’m in my Masters year at the moment, which means I have a lot fewer classes but a lot higher expectations in assignments. I’m also undertaking an MEng project (I’ll write about this sometime.) So I have a lot more unreserved time but a bit more work to do. I’ve been filling one day a week doing security and maintainance work on old ColdFusion web applications.

ColdFusion is an old web technology that Macromedia put out. It’s like you implementated of PHP in HTML tags. For I have been working with it - trying to secure a large number of small webapps built with it in years gone by.

There’s a bit of a problem with securing these legacy apps. They’re a mess, and ColdFusion is insecure by default. Let’s take some typical Ruby erb markup:

I’ve been writing a lot of Rust. Since \@Taneb persuaded me to try it the language has grown phenomenally on me. I’ve always shied away from getting too attached to tools and focused more on systems but for the first time since my early Ruby days I’ve become a language fanboy.

While building my Genetic Programming library I needed a convenient way to represent and generate syntax trees. More than anything I wanted users to write a minimum of code. I used an interesting but problematic Recursive Enum approach that’s worth discussing.

I’ve become a fan of developing, “as slowly as possible.” It’s proven hard to crystallise what feelings this sums up, but I relate it to slow, logical, conscious System Two thinking.

The way you start a project indicates a lot about how it will progress. Something that gets a testsuite early on will probably keep one going; something that is essentially untested is hard to improve. This hill can be climbed over if one is lazy or very disciplined - but sustained effort to undo unforced mistakes is hard.

So making the right decisions at the right time is important. Ideally we should favour sustained velocity over quickly hacking something together and forgetting about it. We should have good craft in order to still move fast: building things well rather than just building them.